Environment
- Carbon Black Cloud Windows Sensor: 3.3.x.x and Higher
- Microsoft Windows: All Supported Versions
Objective
Run an expedited on-demand scan on entire drives or specific directories with the RepCLI utility
Resolution
- Log into the machine with a user account that matches the AD User or Group SID configured at the time of sensor install
- Launch a Command Prompt
- Change directory to C:\Program Files\Confer
- Run the following command
repcli ondemandscan [directory path]
- Progress can be tracked with the "repcli status" command, which includes scan information under the General Info section
C:\Program Files\Confer> repcli status
General Info:
Sensor Version[3.3.0.984]
Local Scanner Version[4.9.0.264 - ave.8.3.52.154:avpack.8.4.3.26:vdf.8.15.17.116]
Sensor State[Enabled]
Details[]
Kernel File Filter[Connected]
Background Scan[Expedited Scan]
Total Files Processed[2025] Current Directory[C:\Program Files\Common Files\VMware\InstallerCache]
Additional Notes
- The OnDemandScan will run as an expedited scan, which means the scan will run faster than a normal background scan and may impact performance.
- The OnDemandScan will not directly remove known malware. The results will be the same as the background scan that ran after Sensor install.
- The OnDemandScan will run on the specified directory and and generate file hashes and reputation lookups. This data will be stored in a local database for future file lookups.
- Any on-demand scans launched by RepCLI will be logged in the Windows Application Logs under Event ID 17.
- if do not specify a path argument, the sensor will scan all "fixed" drives by default.
- The sensor will not scan any external or USB drives.
- The OnDemandScan will only run on the contents of a specified directory or Drive, it can not run on individual files.
Related Content
